Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-39918: WordPress Booking Package plugin <= 1.6.01 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <= 1.6.01 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-39992: WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions.

CVE-2023-40206: WordPress WP 404 Auto Redirect to Similar Post plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post plugin <= 1.0.3 versions.

CVE-2023-39991: WordPress BigBlueButton plugin <= 3.0.0-beta.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions.

CVE-2023-40208: WordPress Stock Ticker plugin <= 3.23.3 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar Uroševi? Stock Ticker plugin <= 3.23.3 versions.

CVE-2023-30494: WordPress ImageRecycle pdf & image compression plugin <= 3.1.10 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions.

CVE-2023-37393: WordPress Atarim plugin <= 3.9.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.9.3 versions.

CVE-2023-31220: WordPress WP Categories Widget plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPERTS.IN TEAM WP Categories Widget plugin <= 2.2 versions.

ImpressionTech CMS 1.4 SQL Injection

ImpressionTech CMS version 1.4 suffers from a remote SQL injection vulnerability.

CVE-2023-25465: WordPress wp tell a friend popup form plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions.